We wrote yesterday about a WordPress bug where an automatic update broke automatic updating, but that’s not the only security drama in the WordPress ecosystem at the moment.

There are claims that a bug known as CVE-2018-6389 “could put 29% of the world’s websites at risk of a denial-of-service attack”, and other similarly heady claims.

Is that true? If so, what can you do about it?

We found out from Naked Security’s Mark Stockley, who’s a WordPress expert himself:

(Can’t see the video directly above this line, or getting an error such as “no longer available”? Watch on Facebook instead.)

Note. With most browsers, you don’t need a Facebook account to watch the video, and if you do have an account you don’t need to be logged in. If you can’t hear the sound, try clicking on the speaker icon in the bottom right corner of the video player to unmute.